A recent cyberattack on CDK Global, a prominent software provider for car dealerships, has caused widespread disruption across North America. CDK Global’s systems, which support around 15,000 dealerships, were severely compromised, forcing many businesses to revert to manual operations. The attack has led to significant operational and financial impacts, with the company considering a substantial ransom payment to resolve the situation.
Since the initial breach on June 19, chaos has enveloped many of the 15,000 car dealerships reliant on CDK’s dealership management system (DMS). This suite of software tools is integral to day-to-day operations, affecting everything from sales to vehicle repairs. The outage has disrupted business during a critical end-of-quarter sales period, with industry sales topping $1.2 trillion in the previous year.
Diana Lee, CEO of Constellation, highlighted the severity of the disruption:
“It’s just mass chaos at this point. The dealer’s required to actually run a DMS for sales, service, parts, for every single functionality — even stocking a vehicle, you can’t do it without the DMS system. So it is a disaster.”
CDK’s troubles began on June 19 when they discovered the breach and shut down their systems. A brief restoration of services was attempted but had to be halted after a second cyberattack. The persistence and sophistication of the attacks suggest that CDK might have been dealing with an advanced and well-organized cybercriminal group. According to reports, the hackers behind this attack are believed to be from Eastern Europe.
Rob Lee from the SANS Institute remarked on the repeated attacks:
“They may have realized at that point that it was going to be a game of whack-a-mole, and that they’re not going to be able to win until they identify all the compromises.”
The hacking group, identified as BlackSuit, has demanded tens of millions of dollars in ransom. CDK is negotiating with the hackers to obtain a decryptor and prevent the leakage of stolen data. BlackSuit, believed to be a rebrand of the notorious Royal ransomware operation, has a history of high-profile attacks and significant ransom demands.
In response, CDK warned their customers about potential fraud attempts, stating:
“We are aware that bad actors are contacting our customers, posing as members or affiliates of CDK, trying to obtain system access.”
The cyberattack has had a ripple effect across the auto industry. Major dealership groups like AutoNation Inc., Group 1 Automotive Inc., and Sonic Automotive Inc. have all experienced disruptions. Sonic Automotive disclosed that the outages might negatively impact their operations until full system recovery.
A spokesperson for AutoNation Honda Dulles, Kevin Red, described the situation:
“Everything is messed up — we have to do everything manually. There’s discomfort for everybody. For us, for management, for customers.”
The attack has had financial repercussions for CDK’s parent company, Brookfield Business Partners LP, which saw its stock plunge by 5.7% following the news. The dealership groups also experienced declines in their share prices as the market reacted to the disruption.
Penske Automotive Group and Sonic Automotive confirmed that they had implemented manual or alternate processes to continue operations amid the outages. Both companies reassured stakeholders through SEC filings about their ongoing efforts to mitigate the impact of the attack.
The CDK Global ransomware attack underscores the vulnerabilities in critical IT infrastructure and the extensive impact such incidents can have across industries. With tens of millions of dollars in ransom at stake, the outcome of CDK’s negotiations with the BlackSuit gang remains uncertain. This incident serves as a stark reminder of the importance of robust cybersecurity measures and contingency planning for businesses reliant on digital operations.
As cybersecurity expert Jake Williams emphasized:
“One cyberattack has disproportionate impacts. Most organizations just don’t have disaster recovery plans and business continuity plans that are high-quality and tested enough to deal with a large-scale attack.”